CVE-2009-3555

Executive Summary

Informations
Name	CVE-2009-3555	First vendor Publication	2009-11-09
Vendor	Cve	Last vendor Modification	2012-10-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Cvss Base Score	5.8	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

CWE : Common Weakness Enumeration

id	Name
CWE-310	Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8535

Oval ID:	oval:org.mitre.oval:def:8535
Title:	HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)
Description:	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3555	Version:	3
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02482 HP Release B.11.23 AND filesets tests openssl.OPENSSL-PVT version is less than A.00.09.08l.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08l.002 AND openssl.OPENSSL-CER version is less than A.00.09.08l.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08l.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08l.002 AND openssl.OPENSSL-INC version is less than A.00.09.08l.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08l.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08l.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08l.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08l.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08l.002 OR Criteria meets HP Security Bulletin HPSBUX02482 HP Release B.11.11 AND filesets tests openssl.OPENSSL-PVT version is less than A.00.09.08l.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08l.001 AND openssl.OPENSSL-CER version is less than A.00.09.08l.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08l.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08l.001 AND openssl.OPENSSL-INC version is less than A.00.09.08l.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08l.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08l.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08l.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08l.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08l.001 OR Criteria meets HP Security Bulletin HPSBUX02482 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-PRNG version is less than A.00.09.08l.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08l.003 AND openssl.OPENSSL-CER version is less than A.00.09.08l.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08l.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08l.003 AND openssl.OPENSSL-INC version is less than A.00.09.08l.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08l.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08l.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08l.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08l.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08l.003

Definition Id: oval:org.mitre.oval:def:8366

Oval ID:	oval:org.mitre.oval:def:8366
Title:	HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)
Description:	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3555	Version:	3
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP Release B.11.11 AND HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests hpuxwsAPACHE.APACHE2 version is less than B.2.0.59.13 AND hpuxwsAPCH32.PHP version is less than B.2.0.59.13 AND hpuxwsAPCH32.PHP2 version is less than B.2.0.59.13 AND hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.59.13 AND hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.59.13 AND hpuxwsAPCH32.APACHE version is less than B.2.0.59.13 AND hpuxwsAPACHE.MOD_JK version is less than B.2.0.59.13 AND hpuxwsAPCH32.APACHE2 version is less than B.2.0.59.13 AND hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.59.13 AND hpuxwsAPACHE.MOD_PERL version is less than B.2.0.59.13 AND hpuxwsAPCH32.AUTH_LDAP version is less than B.2.0.59.13 AND hpuxwsAPCH32.AUTH_LDAP2 version is less than B.2.0.59.13 AND hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.59.13 AND hpuxwsAPACHE.PHP version is less than B.2.0.59.13 AND hpuxwsAPCH32.MOD_JK version is less than B.2.0.59.13 AND hpuxwsAPACHE.PHP2 version is less than B.2.0.59.13 AND hpuxwsAPCH32.MOD_JK2 version is less than B.2.0.59.13 AND hpuxwsAPCH32.WEBPROXY version is less than B.2.0.59.13 AND hpuxwsAPACHE.WEBPROXY version is less than B.2.0.59.13 AND hpuxwsAPCH32.MOD_PERL version is less than B.2.0.59.13 AND hpuxwsAPCH32.MOD_PERL2 version is less than B.2.0.59.13 AND hpuxwsAPACHE.APACHE version is less than B.2.0.59.13

Definition Id: oval:org.mitre.oval:def:7973

Oval ID:	oval:org.mitre.oval:def:7973
Title:	Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS)
Description:	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3555	Version:	1
Platform(s):	Sun Solaris 8 Sun Solaris 9 Sun Solaris 10	Product(s):
Definition Synopsis:
Solaris 8 (SPARC) meets Sun Alert 273350 Solaris 8 (SPARC) is installed AND NOT Patch 119209-22 or later installed AND SUNWtls is installed OR Solaris 9 (SPARC) meets Sun Alert 273350 Solaris 9 (SPARC) is installed AND NOT Patch 119211-22 or later installed AND SUNWtls is installed OR Solaris 10 (SPARC) meets Sun Alert 273350 Solaris 10 (SPARC) is installed AND NOT Patch 119213-21 or later installed AND SUNWtls is installed OR Solaris 9 (x86) meets Sun Alert 273350 Solaris 9 (x86) is installed AND NOT Patch 119212-22 or later installed AND SUNWtls is installed OR Solaris 10 (x86) meets Sun Alert 273350 Solaris 10 (x86) is installed AND NOT Patch 119214-21 or later installed AND SUNWtls is installed

Definition Id: oval:org.mitre.oval:def:7478

Oval ID:	oval:org.mitre.oval:def:7478
Title:	VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR.
Description:	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3555	Version:	3
Platform(s):	VMWare ESX Server 4	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201009401-SG is not installed.

Definition Id: oval:org.mitre.oval:def:7315

Oval ID:	oval:org.mitre.oval:def:7315
Title:	TLS/SSL Renegotiation Vulnerability
Description:	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3555	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey
Definition Synopsis:
IF Mozilla Firefox is installed AND Mozilla Firefox 3.5.x before 3.5.9 and 3.6.x before 3.6.2 OR Mozilla Seamonkey is installed AND Mozilla Seamonkey version less than 2.0 AND Mozilla Seamonkey version 2.x and less than 2.0.4 OR Mozilla Thunderbird is installed AND Mozilla Thunderbird version less than 3.0.4 OR Vulnerable Microsoft Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND the version of schannel.dll is less than 5.1.2600.6006 OR Vulnerable Microsoft Windows XP SP2 x64, Windows Server 2003 x86/x64/ia64 SP2 IF Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of schannel.dll is less than 5.2.3790.4724 OR Vulnerable Microsoft Windows Vista x86/x64 SP1, Server 2008 x86/x64/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND GDR or LDR Service branch the version of schannel.dll is less than 6.0.6001.18490 OR LDR the version of schannel.dll is greater than or equal to 6.0.6001.22000 AND the version of schannel.dll is less than 6.0.6001.22709 OR Vulnerable Microsoft Windows Vista x86/x64 SP2, Server 2008 x86/x64/ia64 SP2 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND GDR or LDR Service branch the version of schannel.dll is less than 6.0.6002.18269 OR LDR the version of schannel.dll is greater than or equal to 6.0.6002.22000 AND the version of schannel.dll is less than 6.0.6002.22422 OR Vulnerable Microsoft Windows 7 x86/x64, Windows Server 2008 R2 x64/ia64 IF Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND GDR or LDR Service branch the version of schannel.dll is less than 6.1.7600.16612 OR LDR the version of schannel.dll is greater than or equal to 6.1.7600.20000 AND the version of schannel.dll is less than 6.1.7600.20735

Definition Id: oval:org.mitre.oval:def:11617

Oval ID:	oval:org.mitre.oval:def:11617
Title:	AIX OpenSSL session renegotiation vulnerability
Description:	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3555	Version:	3
Platform(s):	IBM AIX 5.2 IBM AIX 5.3 IBM AIX 6.1	Product(s):
Definition Synopsis:
OS check IBM AIX 5.3 is installed AND openssl.base versions less than 0.9.8.1102 OR OS based check IBM AIX 5.3 is installed AND openssl.base FIPS capable versions less than 12.9.8.1102 OR OS check openssl.base versions less than 0.9.8.1102 AND IBM AIX Version 6.1 check AND IBM AIX Version 6.1 check OR openssl.base FIPS capable versions less than 12.9.8.1102 AND IBM AIX Version 6.1 check AND IBM AIX Version 6.1 check OR IBM AIX 5.2 is installed AND openssl.base versions less than 0.9.8.805

Definition Id: oval:org.mitre.oval:def:11578

Oval ID:	oval:org.mitre.oval:def:11578
Title:	Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL
Description:	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3555	Version:	3
Platform(s):	Sun Solaris 10	Product(s):
Definition Synopsis:
Solaris 10 (SPARC) meets Sun Alert 1021653.1 Solaris 10 (SPARC) is installed AND NOT Patch 143140-04 or later installed OR Solaris 10 (SPARC) meets Sun Alert 1021653.1 Solaris 10 (SPARC) is installed AND NOT Patch 145102-01 or later installed OR Solaris 10 (x86) meets Sun Alert 1021653.1 Solaris 10 (x86) is installed AND NOT Patch 141525-10 or later installed

Definition Id: oval:org.mitre.oval:def:10088

Oval ID:	oval:org.mitre.oval:def:10088
Title:	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Description:	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3555	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section openssl-perl is earlier than 0:0.9.7a-33.26 AND openssl-devel is earlier than 0:0.9.7a-33.26 AND openssl is earlier than 0:0.9.7a-33.26 AND httpd-devel is earlier than 0:2.0.46-77.ent AND mod_ssl is earlier than 0:2.0.46-77.ent AND httpd is earlier than 0:2.0.46-77.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section openssl-perl is earlier than 0:0.9.7a-43.17.el4_8.5 AND httpd-suexec is earlier than 0:2.0.52-41.ent.6 AND httpd-manual is earlier than 0:2.0.52-41.ent.6 AND nspr is earlier than 0:4.8.4-1.1.el4_8 AND mod_ssl is earlier than 0:2.0.52-41.ent.6 AND nss is earlier than 0:3.12.6-1.el4_8 AND nspr-devel is earlier than 0:4.8.4-1.1.el4_8 AND httpd is earlier than 0:2.0.52-41.ent.6 AND openssl-devel is earlier than 0:0.9.7a-43.17.el4_8.5 AND gnutls is earlier than 0:1.0.20-4.el4_8.7 AND openssl is earlier than 0:0.9.7a-43.17.el4_8.5 AND httpd-devel is earlier than 0:2.0.52-41.ent.6 AND nss-devel is earlier than 0:3.12.6-1.el4_8 AND gnutls-devel is earlier than 0:1.0.20-4.el4_8.7 AND nss-tools is earlier than 0:3.12.6-1.el4_8 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section openssl097a is earlier than 0:0.9.7a-9.el5_4.2 AND openssl-perl is earlier than 0:0.9.8e-12.el5_4.6 AND nss-pkcs11-devel is earlier than 0:3.12.6-1.el5_4 AND httpd-manual is earlier than 0:2.2.3-31.el5_4.2 AND nspr-devel is earlier than 0:4.8.4-1.el5_4 AND gnutls is earlier than 0:1.4.1-3.el5_4.8 AND openssl is earlier than 0:0.9.8e-12.el5_4.6 AND httpd-devel is earlier than 0:2.2.3-31.el5_4.2 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.11.b16.el5 AND mod_ssl is earlier than 0:2.2.3-31.el5_4.2 AND nspr is earlier than 0:4.8.4-1.el5_4 AND nss is earlier than 0:3.12.6-1.el5_4 AND httpd is earlier than 0:2.2.3-31.el5_4.2 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.11.b16.el5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.11.b16.el5 AND openssl-devel is earlier than 0:0.9.8e-12.el5_4.6 AND gnutls-devel is earlier than 0:1.4.1-3.el5_4.8 AND nss-devel is earlier than 0:3.12.6-1.el5_4 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.11.b16.el5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.11.b16.el5 AND nss-tools is earlier than 0:3.12.6-1.el5_4 AND gnutls-utils is earlier than 0:1.4.1-3.el5_4.8

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Http Server cpe:/a:apache:http_server:2.2.8 cpe:/a:apache:http_server:2.2.7 cpe:/a:apache:http_server:2.2.6 cpe:/a:apache:http_server:2.2.5 cpe:/a:apache:http_server:2.2.4 cpe:/a:apache:http_server:2.2.3 cpe:/a:apache:http_server:2.2.2 cpe:/a:apache:http_server:2.2.13 cpe:/a:apache:http_server:2.2.12 cpe:/a:apache:http_server:2.2.11 cpe:/a:apache:http_server:2.2.10 cpe:/a:apache:http_server:2.2.1 cpe:/a:apache:http_server:2.2.0 cpe:/a:apache:http_server:2.2 cpe:/a:apache:http_server:2.1.9 cpe:/a:apache:http_server:2.1.8 cpe:/a:apache:http_server:2.1.7 cpe:/a:apache:http_server:2.1.6 cpe:/a:apache:http_server:2.1.5 cpe:/a:apache:http_server:2.1.4 cpe:/a:apache:http_server:2.1.3 cpe:/a:apache:http_server:2.1.2 cpe:/a:apache:http_server:2.1.1 cpe:/a:apache:http_server:2.0.9 cpe:/a:apache:http_server:2.0.63 cpe:/a:apache:http_server:2.0.61 cpe:/a:apache:http_server:2.0.60 cpe:/a:apache:http_server:2.0.59 cpe:/a:apache:http_server:2.0.58 cpe:/a:apache:http_server:2.0.58::win32 cpe:/a:apache:http_server:2.0.57 cpe:/a:apache:http_server:2.0.56 cpe:/a:apache:http_server:2.0.55 cpe:/a:apache:http_server:2.0.54 cpe:/a:apache:http_server:2.0.53 cpe:/a:apache:http_server:2.0.52 cpe:/a:apache:http_server:2.0.51 cpe:/a:apache:http_server:2.0.50 cpe:/a:apache:http_server:2.0.49 cpe:/a:apache:http_server:2.0.48 cpe:/a:apache:http_server:2.0.47 cpe:/a:apache:http_server:2.0.46 cpe:/a:apache:http_server:2.0.46::win32 cpe:/a:apache:http_server:2.0.45 cpe:/a:apache:http_server:2.0.44 cpe:/a:apache:http_server:2.0.43 cpe:/a:apache:http_server:2.0.42 cpe:/a:apache:http_server:2.0.41 cpe:/a:apache:http_server:2.0.40 cpe:/a:apache:http_server:2.0.39 cpe:/a:apache:http_server:2.0.38 cpe:/a:apache:http_server:2.0.37 cpe:/a:apache:http_server:2.0.36 cpe:/a:apache:http_server:2.0.35 cpe:/a:apache:http_server:2.0.34:beta cpe:/a:apache:http_server:2.0.32 cpe:/a:apache:http_server:2.0.32:beta cpe:/a:apache:http_server:2.0.28:beta cpe:/a:apache:http_server:2.0.28 cpe:/a:apache:http_server:2.0 cpe:/a:apache:http_server:1.99 cpe:/a:apache:http_server:1.4.0 cpe:/a:apache:http_server:1.3.9 cpe:/a:apache:http_server:1.3.8 cpe:/a:apache:http_server:1.3.7 cpe:/a:apache:http_server:1.3.7::dev cpe:/a:apache:http_server:1.3.68 cpe:/a:apache:http_server:1.3.65 cpe:/a:apache:http_server:1.3.6 cpe:/a:apache:http_server:1.3.5 cpe:/a:apache:http_server:1.3.4 cpe:/a:apache:http_server:1.3.39 cpe:/a:apache:http_server:1.3.38 cpe:/a:apache:http_server:1.3.37 cpe:/a:apache:http_server:1.3.36 cpe:/a:apache:http_server:1.3.35 cpe:/a:apache:http_server:1.3.34 cpe:/a:apache:http_server:1.3.33 cpe:/a:apache:http_server:1.3.32 cpe:/a:apache:http_server:1.3.31 cpe:/a:apache:http_server:1.3.30 cpe:/a:apache:http_server:1.3.3 cpe:/a:apache:http_server:1.3.29 cpe:/a:apache:http_server:1.3.28 cpe:/a:apache:http_server:1.3.27 cpe:/a:apache:http_server:1.3.26 cpe:/a:apache:http_server:1.3.25 cpe:/a:apache:http_server:1.3.24 cpe:/a:apache:http_server:1.3.23 cpe:/a:apache:http_server:1.3.22 cpe:/a:apache:http_server:1.3.20 cpe:/a:apache:http_server:1.3.2 cpe:/a:apache:http_server:1.3.19 cpe:/a:apache:http_server:1.3.18 cpe:/a:apache:http_server:1.3.17 cpe:/a:apache:http_server:1.3.16 cpe:/a:apache:http_server:1.3.15 cpe:/a:apache:http_server:1.3.14 cpe:/a:apache:http_server:1.3.13 cpe:/a:apache:http_server:1.3.12 cpe:/a:apache:http_server:1.3.11 cpe:/a:apache:http_server:1.3.1.1 cpe:/a:apache:http_server:1.3.0 cpe:/a:apache:http_server:1.3 cpe:/a:apache:http_server:1.2.6 cpe:/a:apache:http_server:1.2.5 cpe:/a:apache:http_server:1.2.4 cpe:/a:apache:http_server:1.2 cpe:/a:apache:http_server:1.1.1 cpe:/a:apache:http_server:1.0.5 cpe:/a:apache:http_server:1.0.3 cpe:/a:apache:http_server:1.0.2 cpe:/a:apache:http_server:1.0 cpe:/a:apache:http_server:0.8.14 cpe:/a:apache:http_server:0.8.11	115
Application	Gnu Gnutls cpe:/a:gnu:gnutls:2.8.1 cpe:/a:gnu:gnutls:2.8.0 cpe:/a:gnu:gnutls:2.6.6 cpe:/a:gnu:gnutls:2.6.5 cpe:/a:gnu:gnutls:2.6.4 cpe:/a:gnu:gnutls:2.6.3 cpe:/a:gnu:gnutls:2.6.2 cpe:/a:gnu:gnutls:2.6.1 cpe:/a:gnu:gnutls:2.6.0 cpe:/a:gnu:gnutls:2.5.0 cpe:/a:gnu:gnutls:2.4.2 cpe:/a:gnu:gnutls:2.4.1 cpe:/a:gnu:gnutls:2.4.0 cpe:/a:gnu:gnutls:2.3.9 cpe:/a:gnu:gnutls:2.3.8 cpe:/a:gnu:gnutls:2.3.7 cpe:/a:gnu:gnutls:2.3.6 cpe:/a:gnu:gnutls:2.3.5 cpe:/a:gnu:gnutls:2.3.4 cpe:/a:gnu:gnutls:2.3.3 cpe:/a:gnu:gnutls:2.3.2 cpe:/a:gnu:gnutls:2.3.11 cpe:/a:gnu:gnutls:2.3.10 cpe:/a:gnu:gnutls:2.3.1 cpe:/a:gnu:gnutls:2.3.0 cpe:/a:gnu:gnutls:2.2.5 cpe:/a:gnu:gnutls:2.2.4 cpe:/a:gnu:gnutls:2.2.3 cpe:/a:gnu:gnutls:2.2.2 cpe:/a:gnu:gnutls:2.2.1 cpe:/a:gnu:gnutls:2.2.0 cpe:/a:gnu:gnutls:2.1.8 cpe:/a:gnu:gnutls:2.1.7 cpe:/a:gnu:gnutls:2.1.6 cpe:/a:gnu:gnutls:2.1.5 cpe:/a:gnu:gnutls:2.1.4 cpe:/a:gnu:gnutls:2.1.3 cpe:/a:gnu:gnutls:2.1.2 cpe:/a:gnu:gnutls:2.1.1 cpe:/a:gnu:gnutls:2.1.0 cpe:/a:gnu:gnutls:2.0.4 cpe:/a:gnu:gnutls:2.0.3 cpe:/a:gnu:gnutls:2.0.2 cpe:/a:gnu:gnutls:2.0.1 cpe:/a:gnu:gnutls:2.0.0 cpe:/a:gnu:gnutls:1.7.9 cpe:/a:gnu:gnutls:1.7.8 cpe:/a:gnu:gnutls:1.7.7 cpe:/a:gnu:gnutls:1.7.6 cpe:/a:gnu:gnutls:1.7.5 cpe:/a:gnu:gnutls:1.7.4 cpe:/a:gnu:gnutls:1.7.3 cpe:/a:gnu:gnutls:1.7.2 cpe:/a:gnu:gnutls:1.7.19 cpe:/a:gnu:gnutls:1.7.18 cpe:/a:gnu:gnutls:1.7.17 cpe:/a:gnu:gnutls:1.7.16 cpe:/a:gnu:gnutls:1.7.15 cpe:/a:gnu:gnutls:1.7.14 cpe:/a:gnu:gnutls:1.7.13 cpe:/a:gnu:gnutls:1.7.12 cpe:/a:gnu:gnutls:1.7.11 cpe:/a:gnu:gnutls:1.7.10 cpe:/a:gnu:gnutls:1.7.1 cpe:/a:gnu:gnutls:1.7.0 cpe:/a:gnu:gnutls:1.6.3 cpe:/a:gnu:gnutls:1.6.2 cpe:/a:gnu:gnutls:1.6.1 cpe:/a:gnu:gnutls:1.6.0 cpe:/a:gnu:gnutls:1.5.5 cpe:/a:gnu:gnutls:1.5.4 cpe:/a:gnu:gnutls:1.5.3 cpe:/a:gnu:gnutls:1.5.2 cpe:/a:gnu:gnutls:1.5.1 cpe:/a:gnu:gnutls:1.5.0 cpe:/a:gnu:gnutls:1.4.5 cpe:/a:gnu:gnutls:1.4.4 cpe:/a:gnu:gnutls:1.4.3 cpe:/a:gnu:gnutls:1.4.2 cpe:/a:gnu:gnutls:1.4.1 cpe:/a:gnu:gnutls:1.4.0 cpe:/a:gnu:gnutls:1.3.5 cpe:/a:gnu:gnutls:1.3.4 cpe:/a:gnu:gnutls:1.3.3 cpe:/a:gnu:gnutls:1.3.2 cpe:/a:gnu:gnutls:1.3.1 cpe:/a:gnu:gnutls:1.3.0 cpe:/a:gnu:gnutls:1.2.9 cpe:/a:gnu:gnutls:1.2.8.1a1 cpe:/a:gnu:gnutls:1.2.8 cpe:/a:gnu:gnutls:1.2.7 cpe:/a:gnu:gnutls:1.2.6 cpe:/a:gnu:gnutls:1.2.5 cpe:/a:gnu:gnutls:1.2.4 cpe:/a:gnu:gnutls:1.2.3 cpe:/a:gnu:gnutls:1.2.2 cpe:/a:gnu:gnutls:1.2.11 cpe:/a:gnu:gnutls:1.2.10 cpe:/a:gnu:gnutls:1.2.1 cpe:/a:gnu:gnutls:1.2.0 cpe:/a:gnu:gnutls:1.1.23 cpe:/a:gnu:gnutls:1.1.22 cpe:/a:gnu:gnutls:1.1.21 cpe:/a:gnu:gnutls:1.1.20 cpe:/a:gnu:gnutls:1.1.19 cpe:/a:gnu:gnutls:1.1.18 cpe:/a:gnu:gnutls:1.1.17 cpe:/a:gnu:gnutls:1.1.16 cpe:/a:gnu:gnutls:1.1.15 cpe:/a:gnu:gnutls:1.1.14 cpe:/a:gnu:gnutls:1.1.13 cpe:/a:gnu:gnutls:1.0.25 cpe:/a:gnu:gnutls:1.0.24 cpe:/a:gnu:gnutls:1.0.23 cpe:/a:gnu:gnutls:1.0.22 cpe:/a:gnu:gnutls:1.0.21 cpe:/a:gnu:gnutls:1.0.20 cpe:/a:gnu:gnutls:1.0.19 cpe:/a:gnu:gnutls:1.0.18 cpe:/a:gnu:gnutls:1.0.17 cpe:/a:gnu:gnutls:1.0.16	121
Application	Microsoft Iis cpe:/a:microsoft:iis:7.0	1
Application	Mozilla Nss cpe:/a:mozilla:nss:3.9.5 cpe:/a:mozilla:nss:3.9 cpe:/a:mozilla:nss:3.8 cpe:/a:mozilla:nss:3.7.7 cpe:/a:mozilla:nss:3.7.5 cpe:/a:mozilla:nss:3.7.3 cpe:/a:mozilla:nss:3.7.2 cpe:/a:mozilla:nss:3.7.1 cpe:/a:mozilla:nss:3.7 cpe:/a:mozilla:nss:3.6.1 cpe:/a:mozilla:nss:3.6 cpe:/a:mozilla:nss:3.5 cpe:/a:mozilla:nss:3.4.3 cpe:/a:mozilla:nss:3.4.2 cpe:/a:mozilla:nss:3.4.1 cpe:/a:mozilla:nss:3.4 cpe:/a:mozilla:nss:3.3.2 cpe:/a:mozilla:nss:3.3.1 cpe:/a:mozilla:nss:3.3 cpe:/a:mozilla:nss:3.2.1 cpe:/a:mozilla:nss:3.2 cpe:/a:mozilla:nss:3.12.2 cpe:/a:mozilla:nss:3.12.1 cpe:/a:mozilla:nss:3.12 cpe:/a:mozilla:nss:3.11.8 cpe:/a:mozilla:nss:3.11.7 cpe:/a:mozilla:nss:3.11.4 cpe:/a:mozilla:nss:3.11.2 cpe:/a:mozilla:nss:3.10 cpe:/a:mozilla:nss:3.0	30
Application	Openssl Openssl cpe:/a:openssl:openssl:1.0::openvms cpe:/a:openssl:openssl:0.9.8h cpe:/a:openssl:openssl:0.9.8g cpe:/a:openssl:openssl:0.9.8f cpe:/a:openssl:openssl:0.9.8e cpe:/a:openssl:openssl:0.9.8d cpe:/a:openssl:openssl:0.9.8c cpe:/a:openssl:openssl:0.9.8b cpe:/a:openssl:openssl:0.9.8a cpe:/a:openssl:openssl:0.9.8 cpe:/a:openssl:openssl:0.9.7m cpe:/a:openssl:openssl:0.9.7l cpe:/a:openssl:openssl:0.9.7k cpe:/a:openssl:openssl:0.9.7j cpe:/a:openssl:openssl:0.9.7i cpe:/a:openssl:openssl:0.9.7h cpe:/a:openssl:openssl:0.9.7g cpe:/a:openssl:openssl:0.9.7f cpe:/a:openssl:openssl:0.9.7e cpe:/a:openssl:openssl:0.9.7d cpe:/a:openssl:openssl:0.9.7c cpe:/a:openssl:openssl:0.9.7b cpe:/a:openssl:openssl:0.9.7a cpe:/a:openssl:openssl:0.9.7 cpe:/a:openssl:openssl:0.9.7:beta5 cpe:/a:openssl:openssl:0.9.7:beta6 cpe:/a:openssl:openssl:0.9.7:beta3 cpe:/a:openssl:openssl:0.9.7:beta4 cpe:/a:openssl:openssl:0.9.7:beta2 cpe:/a:openssl:openssl:0.9.7:beta1 cpe:/a:openssl:openssl:0.9.6m cpe:/a:openssl:openssl:0.9.6l cpe:/a:openssl:openssl:0.9.6k cpe:/a:openssl:openssl:0.9.6j cpe:/a:openssl:openssl:0.9.6i cpe:/a:openssl:openssl:0.9.6h cpe:/a:openssl:openssl:0.9.6g cpe:/a:openssl:openssl:0.9.6f cpe:/a:openssl:openssl:0.9.6e cpe:/a:openssl:openssl:0.9.6d cpe:/a:openssl:openssl:0.9.6c cpe:/a:openssl:openssl:0.9.6b cpe:/a:openssl:openssl:0.9.6a:beta1 cpe:/a:openssl:openssl:0.9.6a:beta3 cpe:/a:openssl:openssl:0.9.6a cpe:/a:openssl:openssl:0.9.6a:beta2 cpe:/a:openssl:openssl:0.9.6:beta2 cpe:/a:openssl:openssl:0.9.6:beta1 cpe:/a:openssl:openssl:0.9.6:beta3 cpe:/a:openssl:openssl:0.9.6 cpe:/a:openssl:openssl:0.9.5a:beta2 cpe:/a:openssl:openssl:0.9.5a:beta1 cpe:/a:openssl:openssl:0.9.5a cpe:/a:openssl:openssl:0.9.5 cpe:/a:openssl:openssl:0.9.5:beta2 cpe:/a:openssl:openssl:0.9.5:beta1 cpe:/a:openssl:openssl:0.9.4 cpe:/a:openssl:openssl:0.9.3a cpe:/a:openssl:openssl:0.9.3 cpe:/a:openssl:openssl:0.9.2b cpe:/a:openssl:openssl:0.9.1c	61

ExploitDB Exploits

id	Description
2009-12-21	TLS Renegotiation Vulnerability PoC Exploit

Open Source Vulnerability Database (OSVDB)

id	Description
77832	Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint...
75622	Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
74335	Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection
71961	Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ...
71951	Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes...
70620	mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection
70055	Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi...
69561	IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex...
69032	Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext...
67029	HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla...
66315	HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection
65202	OpenOffice.org (OOo) TLS Renegotiation Handshakes MiTM Plaintext Data Injection
64725	HP System Management Homepage (SMH) TLS Renegotiation Handshakes MiTM Plainte...
64499	ArubaOS HTTPS WebUI Admin Interface TLS Renegotiation Handshakes MiTM Plainte...
64040	IBM DB2 TLS Renegotiation Handshakes MiTM Plaintext Data Injection
62877	SSH Tectia Audit Player TLS Renegotiation Handshakes MiTM Plaintext Data Inje...
62536	Blue Coat Products TLS Renegotiation Handshakes MiTM Plaintext Data Injection
62273	Opera TLS Renegotiation Handshakes MiTM Plaintext Data Injection
62210	Aruba Mobility Controller TLS Renegotiation Handshakes MiTM Plaintext Data In...
62135	Network Security Services (NSS) TLS Renegotiation Handshakes MiTM Plaintext D...
62064	IBM Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection
61929	IBM WebSphere Application Server TLS Renegotiation Handshakes MiTM Plaintext ...
61785	Avaya Products Multiple Product TLS Renegotiation Handshakes MiTM Plaintext D...
61784	Sun Java System Multiple Product TLS Renegotiation Handshakes MiTM Plaintext ...
61718	IBM WebSphere DataPower TLS Renegotiation Handshakes MiTM Plaintext Data Inje...
61234	IBM SDK for Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection
60521	Ingate Firewall/SIParator SSL / TLS Renegotiation Handshakes MiTM Plaintext D...
60366	Cisco Multiple Devices TLS Renegotiation Handshakes MiTM Plaintext Data Injec...
59974	MatrixSSL TLS Renegotiation Handshakes MiTM Plaintext Data Injection
59973	Citrix Secure Gateway TLS Renegotiation Handshakes MiTM Plaintext Data Injection
59972	GnuTLS TLS Renegotiation Handshakes MiTM Plaintext Data Injection
59971	OpenSSL TLS Renegotiation Handshakes MiTM Plaintext Data Injection
59970	Mozilla Network Security Services (NSS) SSL / TLS Renegotiation Handshakes Mi...
59969	Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext ...
59968	Microsoft Multiple Products SSL / TLS Renegotiation Handshakes MiTM Plaintext...

Internal Sources (Detail)

Source	Url
AIXAPAR	http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848 http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054 http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055 http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only
APPLE	http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html
BID	http://www.securityfocus.com/bid/36935
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/507952/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/508075/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/508130/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/515055/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
CERT	http://www.us-cert.gov/cas/techalerts/TA10-222A.html http://www.us-cert.gov/cas/techalerts/TA10-287A.html
CERT-VN	http://www.kb.cert.org/vuls/id/120541
CISCO	http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1...
CONFIRM	http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during http://kbase.redhat.com/faq/docs/DOC-20491 http://support.apple.com/kb/HT4004 http://support.apple.com/kb/HT4170 http://support.apple.com/kb/HT4171 http://support.avaya.com/css/P8/documents/100070150 http://support.avaya.com/css/P8/documents/100081611 http://support.avaya.com/css/P8/documents/100114315 http://support.avaya.com/css/P8/documents/100114327 http://support.citrix.com/article/CTX123359 http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released http://sysoev.ru/nginx/patch.cve-2009-3555.txt http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html http://wiki.rpath.com/Advisories:rPSA-2009-0155 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss?uid=swg21432298 http://www-01.ibm.com/support/docview.wss?uid=swg24006386 http://www-01.ibm.com/support/docview.wss?uid=swg24025312 http://www.arubanetworks.com/support/alerts/aid-020810.txt http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html http://www.ingate.com/Relnote.php?ver=481 http://www.mozilla.org/security/announce/2010/mfsa2010-22.html http://www.openoffice.org/security/cves/CVE-2009-3555.html http://www.opera.com/docs/changelogs/unix/1060/ http://www.opera.com/support/search/view/944/ http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c http://www.vmware.com/security/advisories/VMSA-2010-0019.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html https://bugzilla.mozilla.org/show_bug.cgi?id=545755 https://bugzilla.redhat.com/show_bug.cgi?id=533125 https://kb.bluecoat.com/index?page=content&id=SA50
DEBIAN	http://www.debian.org/security/2009/dsa-1934 http://www.debian.org/security/2011/dsa-2141
FEDORA	http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455... http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528... http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702... https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0042... https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0044... https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0044... https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0063... https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0064... https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0094... https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0102... https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0102...
FULLDISC	http://seclists.org/fulldisclosure/2009/Nov/139
GENTOO	http://security.gentoo.org/glsa/glsa-200912-01.xml http://security.gentoo.org/glsa/glsa-201203-22.xml
HP	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://marc.info/?l=bugtraq&m=127419602507642&w=2 http://marc.info/?l=bugtraq&m=127419602507642&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://marc.info/?l=bugtraq&m=132077688910227&w=2 http://marc.info/?l=bugtraq&m=132077688910227&w=2 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995 http://www.securityfocus.com/archive/1/522176 http://www.securityfocus.com/archive/1/522176
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 http://www.mandriva.com/security/advisories?name=MDVSA-2010:089
MISC	http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html http://blogs.iss.net/archive/sslmitmiscsrf.html http://clicky.me/tlsvuln http://extendedsubset.com/?p=8 http://extendedsubset.com/Renegotiating_TLS.pdf http://www.betanews.com/article/1257452450 http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html http://www.links.org/?p=780 http://www.links.org/?p=786 http://www.links.org/?p=789 http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html http://www.tombom.co.uk/blog/?p=85 http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.... https://bugzilla.mozilla.org/show_bug.cgi?id=526689 https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiat...
MLIST	http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 http://marc.info/?l=cryptography&m=125752275331877&w=2 http://www.ietf.org/mail-archive/web/tls/current/msg03928.html http://www.ietf.org/mail-archive/web/tls/current/msg03948.html http://www.openwall.com/lists/oss-security/2009/11/05/3 http://www.openwall.com/lists/oss-security/2009/11/05/5 http://www.openwall.com/lists/oss-security/2009/11/06/3 http://www.openwall.com/lists/oss-security/2009/11/07/3 http://www.openwall.com/lists/oss-security/2009/11/20/1 http://www.openwall.com/lists/oss-security/2009/11/23/10
MS	http://www.microsoft.com/technet/security/Bulletin/MS10-049.mspx
OPENBSD	http://openbsd.org/errata45.html#010_openssl http://openbsd.org/errata46.html#004_openssl
OSVDB	http://osvdb.org/60521 http://osvdb.org/60972 http://osvdb.org/62210 http://osvdb.org/65202
REDHAT	http://www.redhat.com/support/errata/RHSA-2010-0119.html http://www.redhat.com/support/errata/RHSA-2010-0130.html http://www.redhat.com/support/errata/RHSA-2010-0155.html http://www.redhat.com/support/errata/RHSA-2010-0165.html http://www.redhat.com/support/errata/RHSA-2010-0167.html http://www.redhat.com/support/errata/RHSA-2010-0337.html http://www.redhat.com/support/errata/RHSA-2010-0338.html http://www.redhat.com/support/errata/RHSA-2010-0339.html http://www.redhat.com/support/errata/RHSA-2010-0768.html http://www.redhat.com/support/errata/RHSA-2010-0770.html http://www.redhat.com/support/errata/RHSA-2010-0786.html http://www.redhat.com/support/errata/RHSA-2010-0807.html http://www.redhat.com/support/errata/RHSA-2010-0865.html http://www.redhat.com/support/errata/RHSA-2010-0986.html http://www.redhat.com/support/errata/RHSA-2010-0987.html http://www.redhat.com/support/errata/RHSA-2011-0880.html
SECTRACK	http://securitytracker.com/id?1023148 http://www.securitytracker.com/id?1023163 http://www.securitytracker.com/id?1023204 http://www.securitytracker.com/id?1023205 http://www.securitytracker.com/id?1023206 http://www.securitytracker.com/id?1023207 http://www.securitytracker.com/id?1023208 http://www.securitytracker.com/id?1023209 http://www.securitytracker.com/id?1023210 http://www.securitytracker.com/id?1023211 http://www.securitytracker.com/id?1023212 http://www.securitytracker.com/id?1023213 http://www.securitytracker.com/id?1023214 http://www.securitytracker.com/id?1023215 http://www.securitytracker.com/id?1023216 http://www.securitytracker.com/id?1023217 http://www.securitytracker.com/id?1023218 http://www.securitytracker.com/id?1023219 http://www.securitytracker.com/id?1023224 http://www.securitytracker.com/id?1023243 http://www.securitytracker.com/id?1023270 http://www.securitytracker.com/id?1023271 http://www.securitytracker.com/id?1023272 http://www.securitytracker.com/id?1023273 http://www.securitytracker.com/id?1023274 http://www.securitytracker.com/id?1023275 http://www.securitytracker.com/id?1023411 http://www.securitytracker.com/id?1023426 http://www.securitytracker.com/id?1023427 http://www.securitytracker.com/id?1023428 http://www.securitytracker.com/id?1024789
SECUNIA	http://secunia.com/advisories/37291 http://secunia.com/advisories/37292 http://secunia.com/advisories/37320 http://secunia.com/advisories/37383 http://secunia.com/advisories/37399 http://secunia.com/advisories/37453 http://secunia.com/advisories/37501 http://secunia.com/advisories/37504 http://secunia.com/advisories/37604 http://secunia.com/advisories/37640 http://secunia.com/advisories/37656 http://secunia.com/advisories/37675 http://secunia.com/advisories/37859 http://secunia.com/advisories/38003 http://secunia.com/advisories/38020 http://secunia.com/advisories/38056 http://secunia.com/advisories/38241 http://secunia.com/advisories/38484 http://secunia.com/advisories/38687 http://secunia.com/advisories/38781 http://secunia.com/advisories/39127 http://secunia.com/advisories/39136 http://secunia.com/advisories/39242 http://secunia.com/advisories/39243 http://secunia.com/advisories/39278 http://secunia.com/advisories/39292 http://secunia.com/advisories/39317 http://secunia.com/advisories/39461 http://secunia.com/advisories/39500 http://secunia.com/advisories/39628 http://secunia.com/advisories/39632 http://secunia.com/advisories/39713 http://secunia.com/advisories/39819 http://secunia.com/advisories/40070 http://secunia.com/advisories/40545 http://secunia.com/advisories/40747 http://secunia.com/advisories/40866 http://secunia.com/advisories/41480 http://secunia.com/advisories/41490 http://secunia.com/advisories/41967 http://secunia.com/advisories/41972 http://secunia.com/advisories/42377 http://secunia.com/advisories/42379 http://secunia.com/advisories/42467 http://secunia.com/advisories/42724 http://secunia.com/advisories/42733 http://secunia.com/advisories/42808 http://secunia.com/advisories/42811 http://secunia.com/advisories/42816 http://secunia.com/advisories/43308 http://secunia.com/advisories/44183 http://secunia.com/advisories/44954 http://secunia.com/advisories/48577
SLACKWARE	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&...
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
UBUNTU	http://ubuntu.com/usn/usn-923-1 http://www.ubuntu.com/usn/USN-1010-1 http://www.ubuntu.com/usn/USN-927-1 http://www.ubuntu.com/usn/USN-927-4 http://www.ubuntu.com/usn/USN-927-5
VUPEN	http://www.vupen.com/english/advisories/2009/3164 http://www.vupen.com/english/advisories/2009/3165 http://www.vupen.com/english/advisories/2009/3205 http://www.vupen.com/english/advisories/2009/3220 http://www.vupen.com/english/advisories/2009/3310 http://www.vupen.com/english/advisories/2009/3313 http://www.vupen.com/english/advisories/2009/3353 http://www.vupen.com/english/advisories/2009/3354 http://www.vupen.com/english/advisories/2009/3484 http://www.vupen.com/english/advisories/2009/3521 http://www.vupen.com/english/advisories/2009/3587 http://www.vupen.com/english/advisories/2010/0086 http://www.vupen.com/english/advisories/2010/0173 http://www.vupen.com/english/advisories/2010/0748 http://www.vupen.com/english/advisories/2010/0848 http://www.vupen.com/english/advisories/2010/0916 http://www.vupen.com/english/advisories/2010/0933 http://www.vupen.com/english/advisories/2010/0982 http://www.vupen.com/english/advisories/2010/0994 http://www.vupen.com/english/advisories/2010/1054 http://www.vupen.com/english/advisories/2010/1107 http://www.vupen.com/english/advisories/2010/1191 http://www.vupen.com/english/advisories/2010/1350 http://www.vupen.com/english/advisories/2010/1639 http://www.vupen.com/english/advisories/2010/1673 http://www.vupen.com/english/advisories/2010/1793 http://www.vupen.com/english/advisories/2010/2010 http://www.vupen.com/english/advisories/2010/2745 http://www.vupen.com/english/advisories/2010/3069 http://www.vupen.com/english/advisories/2010/3086 http://www.vupen.com/english/advisories/2010/3126 http://www.vupen.com/english/advisories/2011/0032 http://www.vupen.com/english/advisories/2011/0033 http://www.vupen.com/english/advisories/2011/0086
XF	http://xforce.iss.net/xforce/xfdb/54158

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-06-11 17:25:04	Multiple Updates
2013-06-11 13:25:25	Multiple Updates
2013-06-10 13:25:20	Multiple Updates
2013-06-10 09:25:13	Multiple Updates
2013-06-08 05:26:32	Multiple Updates
2013-06-07 21:24:57	Multiple Updates
2013-06-06 13:25:49	Multiple Updates
2013-06-06 05:24:25	Multiple Updates
2013-06-04 17:25:56	Multiple Updates
2013-06-04 13:25:06	Multiple Updates
2013-06-03 21:27:34	Multiple Updates
2013-06-03 17:21:41	Multiple Updates
2013-06-03 13:25:57	Multiple Updates
2013-06-03 05:22:06	Multiple Updates
2013-05-31 21:25:54	Multiple Updates
2013-05-31 17:21:46	Multiple Updates
2013-05-30 17:24:40	Multiple Updates
2013-05-30 13:21:49	Multiple Updates
2013-05-10 23:58:45	Multiple Updates
2013-05-01 17:22:36	Multiple Updates
2013-05-01 13:28:04	Multiple Updates
2013-05-01 09:22:45	Multiple Updates
2013-05-01 05:38:30	Multiple Updates

Type	Count
Oval ID(s)	8
CPE ID(s)	328
osvdb(s)	35
ExploitDB Exploit(s)	1

Related	Severity
VMSA-2011-0003	(Critical)
VMSA-2010-0015	(Critical)
USN-1010-1	(Critical)
TA10-287A	(Critical)
TA10-222A	(Critical)
RHSA-2010:0987	(Critical)
RHSA-2010:0865	(Critical)
RHSA-2010:0807	(Critical)
RHSA-2010:0786	(Critical)
RHSA-2010:0770	(Critical)
RHSA-2010:0768	(Critical)
RHSA-2010:0162	(Critical)
MDVSA-2010:076-1	(Critical)
MDVSA-2010:076	(Critical)
MDVSA-2010:070-1	(Critical)
MDVSA-2010:070	(Critical)
HPSBUX02517 SSR...	(Critical)
HPSBOV02683 SSR...	(Critical)
HPSBMU02799 SSR...	(Critical)
HPSBMA02568 SSR...	(Critical)
GLSA-201301-01	(Critical)
GLSA-201006-18	(Critical)
MS10-049	(Critical)
MDVSA-2010:084	(Critical)
HPSBMA02547 SSR...	(Critical)
HPSBMU02759 SSR...	(High)
VMSA-2010-0019	(High)
USN-923-1	(High)
USN-860-1	(High)
RHSA-2010:0339	(High)
RHSA-2010:0338	(High)
RHSA-2010:0337	(High)
RHSA-2010:0167	(High)
RHSA-2009:1580	(High)
RHSA-2009:1579	(High)
MDVSA-2010:089	(High)
MDVSA-2009:323	(High)
HPSBUX02524 SSR...	(High)
HPSBOV02762 SSR...	(High)
GLSA-201206-18	(High)
GLSA-201110-05	(High)
DSA-1934	(High)
VU#120541	(Medium)
USN-990-2	(Medium)
USN-990-1	(Medium)
USN-927-6	(Medium)
USN-927-5	(Medium)
USN-927-4	(Medium)
USN-927-1	(Medium)
SUN-274990	(Medium)
SUN-273350	(Medium)
SUN-273029	(Medium)
RHSA-2010:0166	(Medium)
RHSA-2010:0165	(Medium)
RHSA-2010:0164	(Medium)
RHSA-2010:0163	(Medium)
RHSA-2010:0155	(Medium)
RHSA-2010:0130	(Medium)
MDVSA-2010:069	(Medium)
MDVSA-2009:337	(Medium)
MDVSA-2009:295	(Medium)
KB977377	(Medium)
HPSBUX02498 SSR...	(Medium)
HPSBMA02534 SSR...	(Medium)
HPSBHF02706 SSR...	(Medium)
HPSBGN02562 SSR...	(Medium)
GLSA-201203-22	(Medium)
GLSA-200912-01	(Medium)
DSA-2626	(Medium)
DSA-2161	(Medium)
DSA-2141	(Medium)
cisco-sa-200911...	(Medium)